Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1775051]
My initial findings show that this is only on bringing up the device, not on a regular interval. It is definitely wasted memory if device bringup fails and triggers the flaw, but I don't imagine this is a big impact flaw.
The affected function mwifiex_pcie_init_evt_ring
Which is called in two possible ways.
Both of these functions are used during PCIE device initialization time, with no network traffic existing on the card at this time. Other reports may show this as a network-based attack; however, as this issue is during the hardware initialization, the network attack vector is not correct.
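A user-space model of the failure mode discussed in this report, added as an example and not taken from the kernel driver or its fix: a ring-init loop allocates a buffer, a mapping step fails during bring-up, and the error return drops the only pointer to that buffer. All names (`ring_init`, `map_buffer`, `leaked_after`) and sizes are hypothetical, and the model tracks one lost buffer per failed bring-up rather than reproducing the driver's two leaks.

```c
#include <stdio.h>
#include <stdlib.h>

#define RING_SLOTS 4                 /* constructed ring size */
static int live_allocs;              /* allocations not yet freed */
static int fail_at = -1;             /* slot whose mapping fails; -1 = none */

static void *xalloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

/* Stand-in for a mapping step that can fail during device bring-up. */
static int map_buffer(int slot) { return slot == fail_at ? -1 : 0; }

struct ring { void *desc; void *buf[RING_SLOTS]; };

/* Common teardown: frees everything the ring still points to. */
static void ring_destroy(struct ring *r)
{
    for (int i = 0; i < RING_SLOTS; i++) { xfree(r->buf[i]); r->buf[i] = NULL; }
    xfree(r->desc); r->desc = NULL;
}

/* fixed != 0 releases the unmapped buffer before the error return. */
static int ring_init(struct ring *r, int fixed)
{
    r->desc = xalloc(64);
    if (!r->desc) return -1;
    for (int i = 0; i < RING_SLOTS; i++) {
        void *b = xalloc(256);
        if (!b) return -1;
        if (map_buffer(i)) {
            if (fixed) xfree(b);     /* hardened path */
            return -1;               /* leaky path: b is unreachable now */
        }
        r->buf[i] = b;               /* teardown can find it from here on */
    }
    return 0;
}

/* Returns allocations still live after a bring-up attempt plus teardown. */
static int leaked_after(int fixed, int slot)
{
    struct ring r = {0};
    live_allocs = 0; fail_at = slot;
    (void)ring_init(&r, fixed);
    ring_destroy(&r);
    return live_allocs;
}

int main(void)
{
    printf("leaky: %d, fixed: %d\n", leaked_after(0, 2), leaked_after(1, 2));
    return 0;
}
```

The leak only accrues when bring-up fails, which matches the observation above that it is tied to initialization rather than to traffic on the card.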